author | Samuel Tan <samueltan@google.com> | 2015-12-14 14:49:09 -0800 |
---|---|---|
committer | Samuel Tan <samueltan@google.com> | 2015-12-18 14:28:48 -0800 |
commit | d6720ce258a19c08fd2cfe6ea61b5eeefcfb9582 (patch) | |
tree | 170f773957a8c6e5d57e8ff2a5c3fa1055774133 | |
parent | 7a8c2c1f3b25446cec0e7e897f74c9769f4fb6be (diff) | |
libbrillo: extend Process API to support sandboxing
Extend the brillo::Process API to support some sandboxing
options.
BUG: 26190154
Change-Id: I6d657ee2afda20d18d6286b132c9143dce0ffc9d
-rw-r--r-- | brillo/process.cc | 15 | ||||
-rw-r--r-- | brillo/process.h | 22 | ||||
-rw-r--r-- | brillo/process_mock.h | 3 |
3 files changed, 40 insertions, 0 deletions
diff --git a/brillo/process.cc b/brillo/process.cc
index 7edef02..009629a 100644
--- a/brillo/process.cc
+++ b/brillo/process.cc
@@ -98,6 +98,21 @@ void ProcessImpl::SetGid(gid_t gid) {
   gid_ = gid;
 }
 
+void ProcessImpl::SetCapabilities(uint64_t /*capmask*/) {
+  // No-op, since ProcessImpl does not support sandboxing.
+  return;
+}
+
+void ProcessImpl::ApplySyscallFilter(const std::string& /*path*/) {
+  // No-op, since ProcessImpl does not support sandboxing.
+  return;
+}
+
+void ProcessImpl::EnterNewPidNamespace() {
+  // No-op, since ProcessImpl does not support sandboxing.
+  return;
+}
+
 void ProcessImpl::SetInheritParentSignalMask(bool inherit) {
   inherit_parent_signal_mask_ = inherit;
 }
diff --git a/brillo/process.h b/brillo/process.h
index 578879a..9760ab3 100644
--- a/brillo/process.h
+++ b/brillo/process.h
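Review bot: The three no-op bodies added to ProcessImpl silently discard a caller's sandboxing request, so a process started after SetCapabilities(), ApplySyscallFilter() or EnterNewPidNamespace() runs with full privileges and nothing records that the restriction was never applied. Because the interface returns void, the caller cannot detect this; at minimum each body should log the dropped request, e.g. `LOG(WARNING) << "ApplySyscallFilter(" << path << ") ignored: ProcessImpl does not support sandboxing";` (the parameter would then need to be un-commented), assuming the logging header is already included by this file, which the hunk does not show. The trailing `return;` in each void body is redundant and can be dropped.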
@@ -72,6 +72,25 @@ class BRILLO_EXPORT Process {
   // Set the real/effective/saved group ID of the child process.
   virtual void SetGid(gid_t gid) = 0;
 
+  // Set the capabilities assigned to the child process.
+  // NOTE: |capmask| is indeed a mask and should be passed in as the result of
+  // the CAP_TO_MASK(capability) macro, e.g.
+  // my_process.SetCapabilities(CAP_TO_MASK(CAP_SETUID) |
+  //                            CAP_TO_MASK(CAP_SETGID));
+  // NOTE: supporting this sandboxing feature is optional (provide no-op
+  // implementation if your Process implementation does not support this).
+  virtual void SetCapabilities(uint64_t capmask) = 0;
+
+  // Apply a syscall filter to the process using the policy file at |path|.
+  // NOTE: supporting this sandboxing feature is optional (provide no-op
+  // implementation if your Process implementation does not support this).
+  virtual void ApplySyscallFilter(const std::string& path) = 0;
+
+  // Enter new PID namespace when this process is run.
+  // NOTE: supporting this sandboxing feature is optional (provide no-op
+  // implementation if your Process implementation does not support this).
+  virtual void EnterNewPidNamespace() = 0;
+
   // Set a flag |inherit| to indicate if the child process intend to
   // inherit signal mask from the parent process. When |inherit| is
   // set to true, the child process will inherit signal mask from the
@@ -150,6 +169,9 @@ class BRILLO_EXPORT ProcessImpl : public Process {
   virtual void SetCloseUnusedFileDescriptors(bool close_unused_fds);
   virtual void SetUid(uid_t uid);
   virtual void SetGid(gid_t gid);
+  virtual void SetCapabilities(uint64_t capmask);
+  virtual void ApplySyscallFilter(const std::string& path);
+  virtual void EnterNewPidNamespace();
   virtual void SetInheritParentSignalMask(bool inherit);
   virtual void SetPreExecCallback(const PreExecCallback& cb);
   virtual void SetSearchPath(bool search_path);
diff --git a/brillo/process_mock.h b/brillo/process_mock.h
index d821cc4..f73d242 100644
--- a/brillo/process_mock.h
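Review bot: The idiom the new SetCapabilities() comment recommends does not cover the full uint64_t mask: CAP_TO_MASK() is defined in <linux/capability.h> as `(1 << ((x) & 31))`, so for capabilities numbered 32 and above (CAP_MAC_OVERRIDE, CAP_SYSLOG, CAP_BLOCK_SUSPEND, ...) it wraps onto bits 0..31 and, if the implementation reads bit n as capability n as a 64-bit mask implies, grants an unrelated lower capability instead of the one the caller named. Either state that only capabilities 0..31 are supported or add after the example `// CAP_TO_MASK() only addresses capabilities 0..31; use (1ULL << CAP_xxx) for higher-numbered ones.` The comments on all three methods also leave the failure contract unspecified (whether a missing or unparsable policy at |path| fails Start() or runs the child unsandboxed), and since the NOTE explicitly allows no-op implementations, callers should be told these calls are best-effort and must not be relied on as the sole privilege boundary. The Process class continues outside the hunk.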
+++ b/brillo/process_mock.h
@@ -24,6 +24,9 @@ class ProcessMock : public Process {
   MOCK_METHOD2(BindFd, void(int parent_fd, int child_fd));
   MOCK_METHOD1(SetUid, void(uid_t));
   MOCK_METHOD1(SetGid, void(gid_t));
+  MOCK_METHOD1(SetCapabilities, void(uint64_t capmask));
+  MOCK_METHOD1(ApplySyscallFilter, void(const std::string& path));
+  MOCK_METHOD0(EnterNewPidNamespace, void());
   MOCK_METHOD1(SetInheritParentSignalMask, void(bool));
   MOCK_METHOD1(SetPreExecCallback, void(const PreExecCallback&));
   MOCK_METHOD1(SetSearchPath, void(bool));